Nginx如何配置https协议
1,首先得有证书。
可以去域名服务商免费申请,如阿里云,腾讯云。
也可以利用openssl生成证书:
http://blog.51cto.com/shhlamp/2120022
参考:
https://blog.csdn.net/smartdt/article/details/80027579
https://www.cnblogs.com/bincoding/p/6118270.html
2,配置Nginx,如果http配置的有端口转发。在https需要再配置一遍。
server {
listen 443 ssl;
server_name xcx.klint.cn;
ssl on;
ssl_certificate /usr/local/ssl/1727846_xcx.klint.cn.pem;
ssl_certificate_key /usr/local/ssl/1727846_xcx.klint.cn.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
location /cms {
index index;
proxy_pass https://cms ;
}
location /site {
index index;
proxy_pass https://site ;
}
端口转发配置的内容:
location /cms {
index index;
proxy_pass https://cms ;
}
location /site {
index index;
proxy_pass https://site ;
}
location =/ {
rewrite / /cms;
}
4,重启nginx:
/usr/local/nginx/sbin/nginx -s reload
5,Nginx配置https,解决“parameter requires ngx_http_ssl_module”的问题
原因也很简单,nginx缺少http_ssl_module模块,编译安装的时候带上--with-http_ssl_module配置就行了,但是现在的情况是我的nginx已经安装过了,怎么添加模块,其实也很简单,往下看:
https://my.oschina.net/litengteng/blog/1800751
6,windows系统环境下
ssl_certificate C:\ssl\a.pem;
ssl_certificate_key C:\ssl\a.key;
配置任何绝对路径会报错,解决办法是 将证书放到nginx的conf文件夹。